Hacker News new | ask | show | jobs
by tialaramex 2491 days ago
Er, sure?

If you think the lesson here is "SSL/TLS is terrible, look at the bad implementations people have done" then you screwed up.

What's notable is that TLS is good enough that this even matters. Compare the situation with PGP and S/MIME. Instead of a list of bad examples, as a contrast to how it should be done, all you can say for those entire ecosystems is "Well, this is terrible, never do any of this".

The same story applies for the Web PKI. There have been a bunch of problems with the Web PKI over the years. But rather than "This PKI is terrible" the lesson is actually "This PKI is so good that it actually matters if things go wrong".
1 comments
baby 2491 days ago
I have to agree with Frank. TLS has proven itself to be extremely hard to implement or use correctly. And why use certificates If you can use plainkeys? There are other choices, like Noise.
link
tialaramex 2491 days ago
> why use certificates If you can use plainkeys?

TLS is for use to connect arbitrary peers on the Internet, which means you're going to need a PKI. So that means certificates.

I don't happen to agree with Noise's philosophy about agility, but that's one of those things where we'd have to agree to disagree in the short term. In terms of replacing TLS, Noise just isn't in the picture at all.

link
baby 2491 days ago
For browsers sure. But if you're not using a browser and you're using TLS it's just a bad idea.

You can do PKI with plainkeys. You definitely don't need the complexity or x509 certs.

link
tialaramex 2491 days ago
Nope. As I said, if you need a transport layer to connect arbitrary peers over the Internet, TLS is exactly what the doctor ordered and it already exists. Already studied, already got libraries that implement it, already got test frameworks, everything is in place. An alternative even if it was technically no worse (which isn't guaranteed) and available today (impossible) doesn't have those things.

> You can do PKI with plainkeys.

Nope. A PKI specifically involves the binding of keys to identity, that's what the certificates are for. You don't have to have X.509 (though I'll argue you might as well) but you need that binding.

link